I provide an insider's view of the modern business world based on my years of experience working as an executive and consultant within the Global 3000. I am the CEO for Evolve! Inc, a Digital Marketing Agency, and the author of Socialized! which some call “the playbook for Social Business”.

What Apple and Google are not Telling you About Mobile Device Security (infographic)

With 6 billion global mobile subscribers and over 35 billion apps downloaded to those devices, one begins to wonder how secure this situation is for businesses. In fact it’s not. The situation can best be described as turning an organization’s network security into Swiss cheese, where holes are opening up from devices everywhere.

Welcome to the mobile business revolution. Along with any major insurgency, what previously seemed secure meets what suddenly makes it vulnerable.

Based on research from the most recent Unisys Security Index report, Unisys found that business users are accessing critical corporate data via unprotected means such as public wifi and utilizing simple passwords. In addition, an increasing number of people are accessing their employers’ business applications using their personal devices.

And thanks to the flood of devices surging into the workplace from the BYOD movement, the world can suddenly climb through the thousands of security holes opened up by all those devices and apps.

Enterasys Networks was one of the first security vendors to address this issue, and I suspect Unisys will follow suit. Companies like Good for Enterprise are providing a robust security wrapper around productivity applications, but it’s still not charged with protecting that rogue game downloaded by Henry in Marketing.

One thing is for sure: there are going to be a lot of challenges for IT moving forward. Unisys has outlined a few of them in the infographic below:

I’ll admit my bias up-front: I’m a BlackBerry employee, and as such, am not supposed to comment. But I will anyway.

Maybe the unwashed masses have voted BlackBerry down, but thoughtful customers who truly value mobile security understand that BlackBerry has had the problem considered and solutions implemented for more than twice as long as any competitor has been around. The timeline infographic subtly implies the mobile universe was created by Apple in 2007. BlackBerry has been built for mobile since 1999. Security is not an afterthought or a third-party responsibility; it’s in our DNA.

There is a mobile security solution. It is in place for over 77 million users (and growing) around the world. It has more than 13 years of battle-testing — in many cases, literally — and has achieved some of the highest security certifications available. (http://www.blackberry.com/security; click Certifications.) It is used all the way to the top end of the spectrum – and you know who I’m referring to. But it’s labelled irrelevant?

Leonardo’s first point is solved by multi-factor authentication, which we’ve supported for at least half a decade. His second point is solved by BlackBerry Balance, in-place since 2010.

Too many passwords for spacevegetable? Use Password Keeper, an AES-256 encrypted password app that’s been on our devices for many years. It even generates passwords of your desired complexity and you can copy/paste them into your browser or app without ever showing them on-screen. (Corporate administrators can’t access Password Keeper content, so employees can feel comfortable putting their own stuff in there.) I keep hundreds of unique and sensitive passwords in there, without fear or hesitation. And it’s available to everyone, not just corporate users.

Kashmir Hill raises the issue of unsecured Wi-Fi and blacklist/whitelist apps. Both are trivial on a BlackBerry Enterprise Server using Wi-Fi Profiles and Software Configurations. VPN has been built in for well over half a decade, but even the most basic BES encryption that’s been in-place on BlackBerry since the last century automatically protects you no matter whether you’re working on Wi-Fi or cellular. No action needed – that’s what it does. It’s stunningly simple to enforce, prevent, remove, or ignore apps using Software Configurations – in-place for many, many years now. You can fine-tune security for apps that you don’t even know about! Rogue app threat? Neutered by BlackBerry while Henry from Marketing was still in grade school.

Ligia Adam suggests in order to have security on an Apple or Android mobile platform, you may need to get third-party applications. Not for BlackBerry. Out of the box? Good to go. Need military-grade security? S/MIME? PGP? RSA? Smart cards? Forbidden passwords? Minimum required complexity? All supported. Just turn it on.

You appeal to common sense in the comments, but the portion of the infographic labelled “Big Security Gaps Within Organizations” indicates that isn’t working out so well.

*Everything* listed as a risk in this article is something that was mitigated by BlackBerry years before iPhone or Android existed. Everything you will list when you re-write this article in a couple of years has probably been done too. There’s so much already in-place — we protect against removal from wireless network (your remote wipe won’t work if the bad guys take the SIM out, but ours can), fake batteries made by spies (we check *everything*), and even have a way to secretly alert your people if you’re being held hostage. Visit http://docs.blackberry.com/en/admin/subcategories/?userType=2&category=BlackBerry+Enterprise+Server+Security and click the Security Technical Overview. Most of the security discussions highlighted in the article are reactive. BlackBerry gives you the chance to be proactive. Want it for free? Check out BlackBerry Enterprise Server Express.

The uncritical Apple/Android fanboy worship ignores the fact we’ve already solved what you’ll be bitten by next year – and will have to implement an after-the-fact extra-cost third-party solution for after a security breach. It’s hard to believe people are praising the innovation of a wooden barn door for escaped cows when their neighbour has the equivalent of an underground cow bunker. :-)

There comes a point at which experience and a solid track record matters more than whether you can play Angry Birds or generate flatulence on demand. But if you absolutely must, well, we support that too.

Is BlackBerry bullet-proof? No. (This news report disagrees: http://www.youtube.com/watch?v=uSCyBLVSkFM.) But to write an article on mobile security and ignore the top mobile security solution (and dismissing it with a flip remark in the comments) is a significant omission.

I’d have written this even if I didn’t work for RIM — it’s still all true. The opinions are mine, not RIM’s. But I can back them up with fact.

Maybe the reason BlackBerry is irrelevant is that the article only highlights vulnerable mobile operating systems.

As you know, BlackBerry failed to provide the right innovations to keep its customers. Although it clearly appears that you’ve solved many of the security issues, it’s not enough to win over today’s consumers.

You say, “There comes a point at which experience and a solid track record matters more than whether you can play Angry Birds or generate flatulence on demand. But if you absolutely must, well, we support that too.” The point that you and RIM are missing is that your customers prefer Android/Apple to what Blackberry is providing. You led with an innovative product then got caught in an innovator’s dilemma situation. Even when the iPhone started shipping and quickly became successful, your executives were making every excuse internally and externally not to either build a better product or at least incorporate the best functionality of the iPhone.

I have first-hand knowledge here, so I know what went down.

RIM needs to leapfrog the Android and Apple devices (similar to Microsoft’s plan) and develop the next generation solution. A solution that takes into account where and how people will be using devices 5 years from now.

Thanks Mark. I’m not at all disagreeing that consumers are showing a preference for a certain mobile experience. I argue that BlackBerry provides the fun stuff (media, apps, etc.) but reliability and security are extremely high priorities for us. Maybe people think of us as reliable and secure, therefore we can’t be fun? That’s solely a matter of perception, not reality.

We got to the point years ago where mobile computing became both affordable and ubiquitous. The things that matter to business are not always in line with the things that matter to a consumer. Ultimately, even a business user is a consumer at heart; BYOD allows the consumer voice to speak quite loudly. It took three releases of the iPhone OS to allow copy and paste, and years before it could multitask. Regular users can’t replace the battery on an iPhone. There is just no security – flaw after flaw kept popping up. We had trouble believing anyone would find that acceptable.

Turns out that when the focus is on fun (watching a TV show while commuting) or you’re not a mobile worker (you’re a worker who happens to have a mobile device), key considerations for our core demographic aren’t key for the other. Stellar battery life matters only to a small degree when you have a one hour commute and you spend the rest of your day at a desk. Excellent keyboards matter less if your primary focus is playing games and the bulk of your communication is “OMG”, “LOL”, and “oh noes”. Manageability? Bandwidth? Who cares?

We had and have a lot to learn, not the least of which is how priorities continue to evolve. I’m proud of what we’ve done and I’m proud of what we’re doing. The article, though, is on mobile security. No matter how much of a BlackBerry lover or hater one might be, it’s pretty hard to argue we’re not at the top of the heap here.

It’s getting more and more maddening for employees. You have to remember more and more passwords and PIN numbers, and they expire, and you cannot repeat them. The email, the timetracker, the bank, the cellphone, the voicemail… Big companies are transferring the security concerns to employee’s overhead, and that means less time to do the actual work and concentrate. Mark my words, it is going to get really mad. We should be asking ourselves why passwords are needed in the first place, why companies must hide their actions under layers of security, secrecy and Non-Disclosure Agreements only to intimidate the employees. The weaker link always carries the most weight in these cases.

I would agree with you when it comes to simplifying our lives with digital IDs, but on the other hand, I share the uneasiness some people express about having your very social and job life encapsulated on a single device or chip. Weeks ago I realized that if I wanted to check my job emails from my Android phone, I needed to install a GoogleApps Device Policy add-on, and that basically meant I was giving my employer the capability to ERASE all my cellphone data! I gladly uninstalled it.

I think the debate must lie in WHY so much security is needed. Again, if companies have so much to hide, there’s something wrong.

I would agree with you when it comes to simplifying our lives with digital IDs, but on the other hand, I share the uneasiness some people express about having your very social and job life encapsulated on a single device or chip. Weeks ago I realized that if I wanted to check my job emails from my Android phone, I needed to install a GoogleApps Device Policy add-on which basically gives your employer the capability to access and erase all MY cellphone data, including personal stuff outside this account. I gladly uninstalled it.